
593 pirated copies of the Cobalt Strike attack emulation tool used by cybercriminals were shut down and weakened


Cobalt Strike is a tool developed by security firm Fortra (formerly HelpSystems) whose main purpose is to simulate cyberattacks and discover security vulnerabilities. Pirated versions of Cobalt Strike have been distributed and exploited by cybercriminals, but an international team led by the UK’s National Crime Agency (NCA) successfully shut down 593 “pirated Cobalt Strike servers”.

National Crime Agency leads international operation to degrade illegal versions of Cobalt Strike – National Crime Agency
https://www.nationalcrimeagency.gov.uk/news/national-crime-agency-leads-international-operation-to-degrade-illegal-versions-of-cobalt-strike

Cobalt Strike is a paid security tool from Fortra and has advanced features such as “Infiltrate the system”, “Capture keystrokes”, “Take screenshots”, “Download arbitrary files” and “Hide attack communications”. Cobalt Strike allows users to discover vulnerabilities in their security systems and strengthen their countermeasures.

Cobalt Strike was developed to improve security. However, since the late 2010s, pirated copies of Cobalt Strike have been circulating among cybercriminals and are being used for attacks. Cobalt Strike has detailed support information, including videos explaining how to use it, so it is often used by cybercriminals as an “easy-to-use attack tool”. Cyberattacks using pirated Cobalt Strike have been reported one after another, and there have been reports of cybercriminals with ties to the Chinese government using pirated versions of Cobalt Strike.

Is there evidence that Chinese government hackers are deliberately stealing information from Taiwan’s semiconductor industry? – GIGAZINE

Cybercriminals using pirated Cobalt Strike set up “pirated Cobalt Strike servers” on the Internet and lure victims to these servers to carry out cyberattacks. NCA worked with the Federal Bureau of Investigation (FBI), the Australian Federal Police, the Royal Canadian Mounted Police, the German Federal Criminal Police Office, the Dutch National Police and the Polish Central Office for Cybercrime Prevention to conduct an operation to take down “pirated Cobalt Strike servers”.

The team targeted 690 servers at 129 Internet service providers in 27 countries and successfully brought down 593 servers during the week beginning June 24, 2024.

“Removing the tools and services that support cybercriminals’ activities is the most effective way to weaken them,” said Paul Foster, head of the NCA’s cybercrime unit, stressing the effectiveness of the server shutdown.

In addition, Fortra, the developer of Cobalt Strike, has announced that it will continue to work with law enforcement to eliminate pirated content.